* origin/topic/vlad/snmp_asn1_oid_performance:
Code modernization: use ranged-based for loop where possible
Improve performance of asn1_oid_to_val string conversions.
The `-B` flag allows to enable debug streams in Debug builds. We
previously didn't support passing the flag for other builds. With that
whether an invocation of `zeek` executed or not depended on the way zeek
was built.
With this patch we accept and parse the flag when passed in the
invocation, but ignore any requests for actual debug streams in
non-Debug builds (no streams are available). If `-B help` is passed we
emit a message and abort.
This patch fixes a signed integer overflow in PIA. When starting a
connection, and then ack-ing ~0x7FFFFFFF (INT32_MAX) bytes, the integer
holding the size of buffered bytes will overflow.
This change simply switches that count to only count bytes that were
actually seen on the wire. In my opinion, this is actually the desired
beavior here - the size is only used to decide if buffering should be
continued, as well as for the output of some debug messages (which, in
my opinion, so far is wrong if there are TCP holes).
This fixes GH-1709. Please see that ticket for more discussion.
This adds a new function for validating UTF-8 sequences by converting to
UTF-32. This allows us to also check for various blocks of codepointsi
that we consider invalid while checking for valid sequences in general.
Broker::NetworkInfo$address is of type string. The Broker::peers() BiF treated
it as an address, which caused ZVal's type validation to flag a
mismatch and abort.
Includes a small tweak to the broker.unpeer test that makes it invoke
Broker::peers(), which breaks in absence of the fix.
We previously computed the length of the Geneve options field
incorrectly which lead to us passing data at an incorrect offset to
inner analyzers. With this patch we now interpret the length field
correctly, according the the spec
https://datatracker.ietf.org/doc/html/rfc8926#section-3.4.
Closes#1726.
This could lead to a noticeable (single-percent) performance
improvement.
Most of the functionality for this is in the packet analyzers that now
cache ignore_chesksums_nets.
Based on a patch by Arne Welzel (Corelight).
* origin/topic/timw/sessions-unordered-map:
Only sort sessions during Drain() if a random seed is set
Use unordered_map to store sessions for performance reasons
* 'topic/jgvt/issue-1598' of https://github.com/ThalesGroup/zeek:
Fix when HTTP header are on several packet
Fix HTTP evasion - Happen when there is no CRLF at the end of HTTP - Fix by adding CRLF when packet is complete (in relation to content-length in header)
This is necessary for e.g. packet sources that don't have a selectable
file descriptor. They'll always be ready on a very short timeout, but
won't necessarily have a packet to process. In these case, sometimes
the time won't get updated for a long time and timers don't function
correctly.
When cloning TableVals, a new timer was created for the wrong object
(the existing TableVal, not the clone). This lead to the already
existing timer being no longer accessible. Which, in turn, leads to an
abandoned timer reading into no longer allocated data when the original
TableVal is deleted.
Fixes GH-1687
With the recent packet manager work, it broke to register a protocol
analyzer for a specific port from inside a plugin's initialization code.
That's because that registration now depends on the packet manager being
set up, which isn't case at that time a plugin's `InitPostInit()` runs.
This fix contains two parts:
- Initialize the packet manager before the analyzer manager, so that
the latter's `InitPostScript()` can rely on the former being
ready.
- Change the analyzer manager to (only) record port registrations
happening before it's fully initialized. Its `InitPostScript()`
then performs the actual registrations, knowing it can use the
packet manager now.
This comes with a `cmake/` to add a missing include directory.
